def setUp(self):
super(TestDHCPApp, self).setUp()
self.topology = None
self.policy = None
try:
self.topology = self.store(
app_testing_objects.Topology(self.neutron, self.nb_api))
self.subnet1 = self.topology.create_subnet(cidr='192.168.11.0/24')
self.port1 = self.subnet1.create_port()
self.port2 = self.subnet1.create_port()
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
# Create policy
dhcp_packet = self._create_dhcp_discover()
send_dhcp_offer = app_testing_objects.SendAction(
self.subnet1.subnet_id, self.port1.port_id, str(dhcp_packet))
port_policies = self._create_port_policies()
self.policy = self.store(
app_testing_objects.Policy(
initial_actions=[send_dhcp_offer],
port_policies=port_policies,
unknown_port_action=app_testing_objects.IgnoreAction()))
except Exception:
if self.topology:
self.topology.close()
raise
def setUp(self):
super(TestL3App, self).setUp()
self.topology = None
self.policy = None
self._ping = None
try:
self.topology = self.store(
app_testing_objects.Topology(self.neutron, self.nb_api))
self.subnet1 = self.topology.create_subnet(cidr='192.168.12.0/24')
self.subnet2 = self.topology.create_subnet(cidr='192.168.13.0/24')
self.port1 = self.subnet1.create_port()
self.port2 = self.subnet2.create_port()
self.router = self.topology.create_router([
self.subnet1.subnet_id,
self.subnet2.subnet_id,
])
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
port_policies = self._create_port_policies()
self.policy = self.store(
app_testing_objects.Policy(
initial_actions=[
app_testing_objects.SendAction(
self.subnet1.subnet_id, self.port1.port_id,
self._create_ping_packet),
],
port_policies=port_policies,
unknown_port_action=app_testing_objects.IgnoreAction()))
except Exception:
if self.topology:
self.topology.close()
raise
def setUp(self):
super(TestSGApp, self).setUp()
self.topology = None
self.policy = None
self.security_group = objects.SecGroupTestObj(self.neutron,
self.nb_api)
self.addCleanup(self.security_group.close)
security_group_id = self.security_group.create()
self.assertTrue(self.security_group.exists())
self.security_group2 = objects.SecGroupTestObj(self.neutron,
self.nb_api)
self.addCleanup(self.security_group2.close)
security_group_id2 = self.security_group2.create()
self.assertTrue(self.security_group2.exists())
self.security_group3 = objects.SecGroupTestObj(self.neutron,
self.nb_api)
self.addCleanup(self.security_group3.close)
security_group_id3 = self.security_group3.create()
self.assertTrue(self.security_group3.exists())
self.topology = app_testing_objects.Topology(self.neutron, self.nb_api)
self.addCleanup(self.topology.close)
self.active_security_group_id = security_group_id
self.inactive_security_group_id = security_group_id2
self.allowed_address_pairs_security_group_id = security_group_id3
self.permit_icmp_request = self._get_icmp_request1
self.no_permit_icmp_request = self._get_icmp_request2
def test_infrastructure(self):
try:
topology = app_testing_objects.Topology(self.neutron, self.nb_api)
subnet1 = topology.create_subnet(cidr='192.168.10.0/24')
subnet2 = topology.create_subnet(cidr='192.168.11.0/24')
port1 = subnet1.create_port()
port2 = subnet2.create_port()
topology.create_router([subnet1.subnet_id, subnet2.subnet_id])
LOG.info('Port1 name: {}'.format(port1.tap.tap.name))
LOG.info('Port2 name: {}'.format(port2.tap.tap.name))
test_utils.print_command(['ip', 'addr'])
test_utils.print_command(['ovs-vsctl', 'show'], True)
test_utils.print_command(
['ovs-ofctl', 'show', self.integration_bridge], True)
test_utils.print_command(
['ovs-ofctl', 'dump-flows', self.integration_bridge], True)
test_utils.print_command(['ovsdb-client', 'dump', 'Open_vSwitch'],
True)
except Exception as e:
traceback = sys.exc_info()[2]
try:
topology.close()
except Exception:
pass # Ignore
# Just calling raise may raise an exception from topology.close()
raise e, None, traceback
topology.close()
def setUp(self):
super(TestArpResponder, self).setUp()
self.topology = None
self.policy = None
try:
self.topology = app_testing_objects.Topology(
self.neutron,
self.nb_api)
subnet1 = self.topology.create_subnet(cidr='192.168.10.0/24')
port1 = subnet1.create_port()
port2 = subnet1.create_port()
time.sleep(test_utils.DEFAULT_CMD_TIMEOUT)
# Create policy
arp_packet = self._create_arp_request(
src_port=port1.port.get_logical_port(),
dst_port=port2.port.get_logical_port(),
)
send_arp_request = app_testing_objects.SendAction(
subnet1.subnet_id,
port1.port_id,
str(arp_packet),
)
ignore_action = app_testing_objects.IgnoreAction()
log_action = app_testing_objects.LogAction()
key1 = (subnet1.subnet_id, port1.port_id)
port_policies = {
key1: app_testing_objects.PortPolicy(
rules=[
app_testing_objects.PortPolicyRule(
# Detect arp replies
app_testing_objects.RyuARPReplyFilter(),
actions=[
log_action,
app_testing_objects.StopSimulationAction()
]
),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.RyuIPv6Filter(),
actions=[
ignore_action
]
),
],
default_action=app_testing_objects.RaiseAction(
"Unexpected packet"
)
),
}
self.policy = app_testing_objects.Policy(
initial_actions=[send_arp_request],
port_policies=port_policies,
unknown_port_action=ignore_action
)
except Exception:
if self.topology:
self.topology.close()
raise
self.store(self.topology)
self.store(self.policy)
def _init_topology(self):
network = netaddr.IPNetwork(self.cidr)
security_group = self.store(
objects.SecGroupTestObj(self.neutron, self.nb_api))
security_group_id = security_group.create()
self.assertTrue(security_group.exists())
egress_rule_info = {
'ethertype': self.ethertype,
'direction': 'egress',
'protocol': self.icmp_proto
}
egress_rule_id = security_group.rule_create(secrule=egress_rule_info)
self.assertTrue(security_group.rule_exists(egress_rule_id))
ingress_rule_info = {
'ethertype': self.ethertype,
'direction': 'ingress',
'protocol': self.icmp_proto,
'remote_ip_prefix': self.cidr
}
ingress_rule_id = security_group.rule_create(secrule=ingress_rule_info)
self.assertTrue(security_group.rule_exists(ingress_rule_id))
self.topology = self.store(
app_testing_objects.Topology(self.neutron, self.nb_api))
self.subnet = self.topology.create_subnet(cidr=self.cidr)
self.port1 = self.subnet.create_port()
self.port1.update({
"allowed_address_pairs": [{
"ip_address": network[100],
"mac_address": "10:20:99:99:99:99"
}]
})
self.port2 = self.subnet.create_port([security_group_id])
def test_infrastructure(self):
try:
topology = app_testing_objects.Topology(self.neutron, self.nb_api)
subnet1 = topology.create_subnet(cidr='192.168.10.0/24')
subnet2 = topology.create_subnet(cidr='192.168.11.0/24')
port1 = subnet1.create_port()
port2 = subnet2.create_port()
topology.create_router([subnet1.subnet_id, subnet2.subnet_id])
LOG.info('Port1 name: {}'.format(port1.tap.tap.name))
LOG.info('Port2 name: {}'.format(port2.tap.tap.name))
test_utils.print_command(['ip', 'addr'])
test_utils.print_command(['ovs-vsctl', 'show'], True)
test_utils.print_command(
['ovs-ofctl', 'show', self.integration_bridge],
True
)
test_utils.print_command(
['ovs-ofctl', 'dump-flows', self.integration_bridge],
True
)
test_utils.print_command(
['ovsdb-client', 'dump', 'Open_vSwitch'],
True
)
except Exception:
with excutils.save_and_reraise_exception():
try:
topology.close()
except Exception:
pass # Ignore
topology.close()
def setUp(self):
super(TestDNATApp, self).setUp()
self.topology = None
try:
self.topology = self.store(
app_testing_objects.Topology(
self.neutron,
self.nb_api
)
)
self.subnet = self.topology.create_subnet()
self.port = self.subnet.create_port()
self.router = self.topology.create_router([
self.subnet.subnet_id
])
ext_net_id = self.topology.create_external_network([
self.router.router_id
])
self.fip = self.store(
objects.FloatingipTestObj(self.neutron, self.nb_api))
self.fip.create({'floating_network_id': ext_net_id,
'port_id': self.port.port.port_id})
except Exception:
if self.topology:
self.topology.close()
raise
def setUp(self):
super(TestNeighborAdvertiser, self).setUp()
self.topology = None
self.policy = None
# Disable Duplicate Address Detection requests from the interface
self.dad_conf = utils.execute(
['sysctl', '-n', 'net.ipv6.conf.default.accept_dad'])
utils.execute(['sysctl', '-w', 'net.ipv6.conf.default.accept_dad=0'],
run_as_root=True)
# Disable Router Solicitation requests from the interface
self.router_solicit_conf = utils.execute(
['sysctl', '-n', 'net.ipv6.conf.default.router_solicitations'])
utils.execute(
['sysctl', '-w', 'net.ipv6.conf.default.router_solicitations=0'],
run_as_root=True)
self.topology = app_testing_objects.Topology(self.neutron, self.nb_api)
self.addCleanup(self.topology.close)
subnet1 = self.topology.create_subnet(cidr='1111:1111:1111::/64')
port1 = subnet1.create_port()
port2 = subnet1.create_port()
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
# Create Neighbor Solicitation packet
ns_packet = self._create_ns_request(
src_port=port1.port.get_logical_port(),
dst_port=port2.port.get_logical_port(),
)
send_ns_request = app_testing_objects.SendAction(
subnet1.subnet_id,
port1.port_id,
ns_packet,
)
ignore_action = app_testing_objects.IgnoreAction()
log_action = app_testing_objects.LogAction()
key1 = (subnet1.subnet_id, port1.port_id)
adv_filter = app_testing_objects.RyuNeighborAdvertisementFilter()
port_policies = {
key1:
app_testing_objects.PortPolicy(
rules=[
app_testing_objects.PortPolicyRule(
# Detect advertisements
adv_filter,
actions=[
log_action,
app_testing_objects.StopSimulationAction()
]),
app_testing_objects.PortPolicyRule(
# Filter local VM's Multicast requests
app_testing_objects.RyuIpv6MulticastFilter(),
actions=[ignore_action])
],
default_action=app_testing_objects.RaiseAction(
"Unexpected packet")),
}
self.policy = app_testing_objects.Policy(
initial_actions=[send_ns_request],
port_policies=port_policies,
unknown_port_action=ignore_action)
self.addCleanup(self.policy.close)
def _create_topology(self, enable_dhcp=True, cidr='192.168.11.0/24'):
self.topology = app_testing_objects.Topology(self.neutron, self.nb_api)
self.addCleanup(self.topology.close)
self.subnet1 = self.topology.create_subnet(cidr=cidr,
enable_dhcp=enable_dhcp)
self.port1 = self.subnet1.create_port()
self.port2 = self.subnet1.create_port()
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
def _create_topology(self):
self.topology = app_testing_objects.Topology(self.neutron, self.nb_api)
self.addCleanup(self.topology.close)
self.subnet1 = self.topology.create_subnet(cidr='192.168.15.0/24')
self.port1 = self.subnet1.create_port()
self.router = self.topology.create_router([self.subnet1.subnet_id])
self.topology.create_external_network([self.router.router_id])
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
def start_subscribing(self):
self._topology = self.store(
test_objects.Topology(self.neutron, self.nb_api))
subnet = self._topology.create_subnet(cidr="192.168.200.0/24")
port = subnet.create_port()
utils.wait_until_true(lambda: port.name is not None,
timeout=const.DEFAULT_RESOURCE_READY_TIMEOUT,
exception=Exception('Port was not created'))
def setUp(self):
super(TestL3Flows, self).setUp()
self.topology = None
self.topology = app_testing_objects.Topology(
self.neutron,
self.nb_api)
self.addCleanup(self.topology.close)
self.subnet1 = self.topology.create_subnet(cidr='192.168.10.0/24')
self.port1 = self.subnet1.create_port()
self.router = self.topology.create_router([
self.subnet1.subnet_id])
def _create_topology(self, enable_dhcp=True, cidr='192.168.11.0/24'):
try:
self.topology = self.store(
app_testing_objects.Topology(self.neutron, self.nb_api))
self.subnet1 = self.topology.create_subnet(cidr=cidr,
enable_dhcp=enable_dhcp)
self.port1 = self.subnet1.create_port()
self.port2 = self.subnet1.create_port()
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
except Exception:
if self.topology:
self.topology.close()
raise
def setUp(self):
super(TestL3Flows, self).setUp()
self.topology = None
try:
self.topology = app_testing_objects.Topology(
self.neutron, self.nb_api)
self.subnet1 = self.topology.create_subnet(cidr='192.168.10.0/24')
self.port1 = self.subnet1.create_port()
self.router = self.topology.create_router([self.subnet1.subnet_id])
except Exception:
if self.topology:
self.topology.close()
raise
self.store(self.topology)
def setUp(self):
super(TestDNATApp, self).setUp()
self.topology = None
self.topology = app_testing_objects.Topology(self.neutron, self.nb_api)
self.addCleanup(self.topology.close)
self.subnet = self.topology.create_subnet()
self.port = self.subnet.create_port()
self.router = self.topology.create_router([self.subnet.subnet_id])
ext_net_id = self.topology.create_external_network(
[self.router.router_id])
self.fip = objects.FloatingipTestObj(self.neutron, self.nb_api)
self.addCleanup(self.fip.close)
self.fip.create({
'floating_network_id': ext_net_id,
'port_id': self.port.port.port_id
})
def setUp(self):
super(TestAllowedAddressPairsDetectActive, self).setUp()
if not self.check_app_loaded("active_port_detection"):
self.skipTest("ActivePortDetectionApp is not enabled")
self.topology = None
self.policy = None
self.allowed_address_pair_ip_address = None
self.allowed_address_pair_mac_address = None
try:
self.topology = self.store(app_testing_objects.Topology(
self.neutron,
self.nb_api))
subnet = self.topology.create_subnet(cidr='192.168.98.0/24')
self.subnet = subnet
port = subnet.create_port()
self.port = port
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
port.update({'allowed_address_pairs': [{
'ip_address': '192.168.98.100'}]})
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
port_lport = port.port.get_logical_port()
self.assertIsNotNone(port_lport)
self.allowed_address_pair_mac_address, \
self.allowed_address_pair_ip_address = \
apps.get_port_mac_and_ip(port, True)
# Create policy to reply arp request sent from controller
self.policy = self.store(
app_testing_objects.Policy(
initial_actions=[],
port_policies=self._create_policy_to_reply_arp_request(),
unknown_port_action=app_testing_objects.IgnoreAction()
)
)
except Exception:
if self.topology:
self.topology.close()
raise
def setUp(self):
super(TestL3App, self).setUp()
self.topology = None
self.policy = None
self._ping = None
try:
self.topology = self.store(
app_testing_objects.Topology(self.neutron, self.nb_api))
self.subnet1 = self.topology.create_subnet(cidr='192.168.12.0/24')
self.subnet2 = self.topology.create_subnet(cidr='192.168.13.0/24')
self.port1 = self.subnet1.create_port()
self.port2 = self.subnet2.create_port()
self.router = self.topology.create_router([
self.subnet1.subnet_id,
self.subnet2.subnet_id,
])
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
except Exception:
if self.topology:
self.topology.close()
raise
def test_icmp_ping_pong(self):
# Setup base components - two ports on 1 network
self.topology = app_testing_objects.Topology(self.neutron, self.nb_api)
self.addCleanup(self.topology.close)
self.subnet1 = self.topology.create_subnet(cidr='192.168.12.0/24')
self.port1 = self.subnet1.create_port()
self.port2 = self.subnet1.create_port()
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
# Setup VLAN ports
self.network = objects.NetworkTestObj(self.neutron, self.nb_api)
self.addCleanup(self.network.close)
self.network.create()
self.subnet = objects.SubnetTestObj(self.neutron,
self.nb_api,
network_id=self.network.network_id)
self.addCleanup(self.subnet.close)
self.subnet.create()
self.vlan_port1 = objects.PortTestObj(
self.neutron, self.nb_api, network_id=self.network.network_id)
self.addCleanup(self.vlan_port1.close)
self.vlan_port1.create()
self.vlan_port2 = objects.PortTestObj(
self.neutron, self.nb_api, network_id=self.network.network_id)
self.addCleanup(self.vlan_port2.close)
self.vlan_port2.create()
self.cps1 = objects.ChildPortSegmentationTestObj(
self.neutron, self.nb_api)
self.addCleanup(self.cps1.close)
self.cps1.create(self.port1.port.port_id, self.vlan_port1.port_id,
'vlan', 7)
self.addCleanup(self.port1.unbind)
self.cps2 = objects.ChildPortSegmentationTestObj(
self.neutron, self.nb_api)
self.addCleanup(self.cps2.close)
self.cps2.create(self.port2.port.port_id, self.vlan_port2.port_id,
'vlan', 8)
self.addCleanup(self.port2.unbind)
# Setup policy
ignore_action = app_testing_objects.IgnoreAction()
key1 = (self.subnet1.subnet_id, self.port1.port_id)
rules1 = [
app_testing_objects.PortPolicyRule(
# Detect pong, end simulation
app_testing_objects.AndingFilter(
app_testing_objects.OsKenVLANTagFilter(7),
app_testing_objects.OsKenICMPPongFilter(self._get_ping)),
actions=[
app_testing_objects.DisableRuleAction(),
app_testing_objects.StopSimulationAction()
]),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.OsKenARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.OsKenIPv6Filter(),
actions=[ignore_action]),
]
key2 = (self.subnet1.subnet_id, self.port2.port_id)
rules2 = [
app_testing_objects.PortPolicyRule(
# Detect ping, reply with pong
app_testing_objects.AndingFilter(
app_testing_objects.OsKenVLANTagFilter(8),
app_testing_objects.OsKenICMPPingFilter()),
actions=[
app_testing_objects.SendAction(self.subnet1.subnet_id,
self.port2.port_id,
self._create_pong_packet),
app_testing_objects.DisableRuleAction()
]),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.OsKenARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.OsKenIPv6Filter(),
actions=[ignore_action]),
]
raise_action = app_testing_objects.RaiseAction("Unexpected packet")
policy1 = app_testing_objects.PortPolicy(rules=rules1,
default_action=raise_action)
policy2 = app_testing_objects.PortPolicy(rules=rules2,
default_action=raise_action)
port_policies = {key1: policy1, key2: policy2}
initial_packet = self._create_ping_packet()
policy = app_testing_objects.Policy(
initial_actions=[
app_testing_objects.SendAction(
self.subnet1.subnet_id,
self.port1.port_id,
initial_packet,
),
],
port_policies=port_policies,
unknown_port_action=app_testing_objects.IgnoreAction())
self.addCleanup(policy.close)
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
# Verify port is up
neutron_vlan_port1 = objects.get_port_by_id(self.neutron,
self.vlan_port1.port_id)
self.assertEqual(n_const.PORT_STATUS_ACTIVE,
neutron_vlan_port1['status'])
neutron_vlan_port2 = objects.get_port_by_id(self.neutron,
self.vlan_port2.port_id)
self.assertEqual(n_const.PORT_STATUS_ACTIVE,
neutron_vlan_port2['status'])
# Verify connectivity
apps.start_policy(policy, self.topology,
const.DEFAULT_RESOURCE_READY_TIMEOUT)
def setUp(self):
super(SfcTestsCommonBase, self).setUp()
self.security_group = self.store(
objects.SecGroupTestObj(self.neutron, self.nb_api))
security_group_id = self.security_group.create()
self.assertTrue(self.security_group.exists())
for direction, ethertype, protocol in itertools.product(
('ingress', 'egress'),
(constants.IPv4, constants.IPv6),
(constants.PROTO_NAME_TCP, constants.PROTO_NAME_UDP),
):
rule = {
'direction': direction,
'ethertype': ethertype,
'protocol': protocol,
'port_range_min': 1,
'port_range_max': 65535,
}
rule_id = self.security_group.rule_create(secrule=rule)
self.assertTrue(self.security_group.rule_exists(rule_id))
self.topology = self.store(
app_testing_objects.Topology(
self.neutron,
self.nb_api,
), )
self.subnet = self.topology.create_subnet(
cidr=IPV4_CIDR,
enable_dhcp=True,
allocation_pool=IPV4_ALLOCATION_POOL,
)
self.subnet_ipv6 = self.topology.create_subnet(
cidr=IPV6_CIDR,
enable_dhcp=True,
allocation_pool=IPV6_ALLOCATION_POOL,
)
self.src_port = self.subnet.create_port([security_group_id])
self.dst_port = self.subnet.create_port([security_group_id])
self.src_port.update({
'name':
'src_port',
'admin_state_up':
True,
'fixed_ips': [
{
'ip_address': SRC_IPV4_1
},
{
'ip_address': SRC_IPV4_2
},
{
'ip_address': SRC_IPV6_1
},
{
'ip_address': SRC_IPV6_2
},
],
})
self.dst_port.update({
'name':
'dst_port',
'admin_state_up':
True,
'fixed_ips': [
{
'ip_address': DST_IPV4_1
},
{
'ip_address': DST_IPV4_2
},
{
'ip_address': DST_IPV6_1
},
{
'ip_address': DST_IPV6_2
},
],
})
self.src_lport = self.nb_api.get(
l2.LogicalPort(id=self.src_port.port.port_id), )
self.dst_lport = self.nb_api.get(
l2.LogicalPort(id=self.dst_port.port.port_id), )
def setUp(self):
super(TestSGApp, self).setUp()
self.topology = None
self.policy = None
try:
security_group = self.store(
objects.SecGroupTestObj(self.neutron, self.nb_api))
security_group_id = security_group.create()
self.assertTrue(security_group.exists())
security_group2 = self.store(
objects.SecGroupTestObj(self.neutron, self.nb_api))
security_group_id2 = security_group2.create()
self.assertTrue(security_group2.exists())
self.topology = self.store(
app_testing_objects.Topology(self.neutron, self.nb_api))
self.subnet = self.topology.create_subnet(cidr='192.168.14.0/24')
self.port1 = self.subnet.create_port()
self.port2 = self.subnet.create_port()
self.port3 = self.subnet.create_port([security_group_id])
port1_lport = self.port1.port.get_logical_port()
self.assertIsNotNone(port1_lport)
port1_fixed_ip = port1_lport.get_ip()
port2_lport = self.port2.port.get_logical_port()
self.assertIsNotNone(port2_lport)
port2_fixed_ip = port2_lport.get_ip()
egress_rule_info = {
'ethertype': 'IPv4',
'direction': 'egress',
'protocol': 'icmp'
}
egress_rule_id = security_group.rule_create(
secrule=egress_rule_info)
self.assertTrue(security_group.rule_exists(egress_rule_id))
egress_rule_id2 = security_group2.rule_create(
secrule=egress_rule_info)
self.assertTrue(security_group2.rule_exists(egress_rule_id2))
ingress_rule_info = {
'ethertype': 'IPv4',
'direction': 'ingress',
'protocol': 'icmp',
'remote_ip_prefix': port1_fixed_ip + "/32"
}
ingress_rule_id = security_group.rule_create(
secrule=ingress_rule_info)
self.assertTrue(security_group.rule_exists(ingress_rule_id))
ingress_rule_info2 = {
'ethertype': 'IPv4',
'direction': 'ingress',
'protocol': 'icmp',
'remote_ip_prefix': port2_fixed_ip + "/32"
}
ingress_rule_id2 = security_group2.rule_create(
secrule=ingress_rule_info2)
self.assertTrue(security_group2.rule_exists(ingress_rule_id2))
self.active_security_group_id = security_group_id
self.inactive_security_group_id = security_group_id2
self.permit_port_id = self.port1.port_id
self.no_permit_port_id = self.port2.port_id
self.permit_icmp_request = self._get_icmp_request1
self.no_permit_icmp_request = self._get_icmp_request2
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
self._update_policy()
except Exception:
if self.topology:
self.topology.close()
raise
def setUp(self):
super(TestPortSecApp, self).setUp()
self.topology = None
self.policy = None
self._ping = None
self.icmp_id_cursor = int(time.mktime(time.gmtime())) & 0xffff
try:
security_group = self.store(
objects.SecGroupTestObj(self.neutron, self.nb_api))
security_group_id = security_group.create()
self.assertTrue(security_group.exists())
egress_rule_info = {
'ethertype': 'IPv4',
'direction': 'egress',
'protocol': 'icmp'
}
egress_rule_id = security_group.rule_create(
secrule=egress_rule_info)
self.assertTrue(security_group.rule_exists(egress_rule_id))
ingress_rule_info = {
'ethertype': 'IPv4',
'direction': 'ingress',
'protocol': 'icmp',
'remote_ip_prefix': "192.168.196.0/24"
}
ingress_rule_id = security_group.rule_create(
secrule=ingress_rule_info)
self.assertTrue(security_group.rule_exists(ingress_rule_id))
self.topology = self.store(
app_testing_objects.Topology(self.neutron, self.nb_api))
self.subnet = self.topology.create_subnet(cidr='192.168.196.0/24')
self.port1 = self.subnet.create_port()
self.port1.update({
"allowed_address_pairs": [{
"ip_address": "192.168.196.100",
"mac_address": "10:20:99:99:99:99"
}]
})
self.port2 = self.subnet.create_port([security_group_id])
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
port_policies = self._create_port_policies()
self.policy = self.store(
app_testing_objects.Policy(
initial_actions=[
app_testing_objects.SendAction(
self.subnet.subnet_id, self.port1.port_id,
self._create_ping_using_fake_ip),
app_testing_objects.SendAction(
self.subnet.subnet_id, self.port1.port_id,
self._create_ping_using_fake_mac),
app_testing_objects.SendAction(
self.subnet.subnet_id, self.port1.port_id,
self._create_ping_using_vm_ip_mac),
app_testing_objects.SendAction(
self.subnet.subnet_id, self.port1.port_id,
self._create_ping_using_allowed_address_pair),
],
port_policies=port_policies,
unknown_port_action=app_testing_objects.IgnoreAction()))
except Exception:
if self.topology:
self.topology.close()
raise